mirror of https://git.envs.net/envs/ops.git
update some internal server configs
parent
6c3053eb53
commit
33066ec28e
1
Makefile
1
Makefile
|
@ -43,6 +43,7 @@ bin:
|
||||||
|
|
||||||
etc:
|
etc:
|
||||||
@printf "$(GREEN)--- etc ------------------------------------------------\n$(RESET)"
|
@printf "$(GREEN)--- etc ------------------------------------------------\n$(RESET)"
|
||||||
|
@install -m 644 etc/etc/hosts /etc
|
||||||
@install -m 644 etc/etc/inetd.conf /etc
|
@install -m 644 etc/etc/inetd.conf /etc
|
||||||
@install -m 644 etc/etc/inputrc /etc
|
@install -m 644 etc/etc/inputrc /etc
|
||||||
@install -m 644 etc/etc/nanorc /etc
|
@install -m 644 etc/etc/nanorc /etc
|
||||||
|
|
|
@ -0,0 +1,37 @@
|
||||||
|
# DO NOT TOUCH IT HERE SEE GIT REPO 'envs/ops'
|
||||||
|
|
||||||
|
# !!! DO NOT SET ALIAS ENVS.NET TO localhost # mail problem !!!
|
||||||
|
127.0.0.1 localhost
|
||||||
|
127.0.0.1 core.envs.net bbj.envs.net gopher.envs.net help.envs.net ip.envs.net ip.envs.sh stats.envs.net ttbp.envs.net twtxt.envs.net webirc.envs.net znc.envs.net
|
||||||
|
|
||||||
|
89.163.145.170 envs.net core core.envs.net ve423.venus.dedi.server-hosting.expert ve423
|
||||||
|
5.199.136.30 ssh.envs.net
|
||||||
|
|
||||||
|
# The following lines are desirable for IPv6 capable hosts
|
||||||
|
::1 localhost ip6-localhost ip6-loopback
|
||||||
|
ff02::1 ip6-allnodes
|
||||||
|
ff02::2 ip6-allrouters
|
||||||
|
|
||||||
|
#
|
||||||
|
# ENVS.NET - LXC
|
||||||
|
#
|
||||||
|
|
||||||
|
192.168.1.2 ns1.envs.net ns1 dns
|
||||||
|
192.168.1.3 mail.envs.net mail
|
||||||
|
192.168.1.4 lists.envs.net lists
|
||||||
|
192.168.1.5 ldap.envs.net ldap ldap1
|
||||||
|
192.168.1.6 moni.envs.net moni prometheus.envs.net prometheus grafana.envs.net grafana
|
||||||
|
|
||||||
|
192.168.1.10 git.envs.net gitea
|
||||||
|
192.168.1.11 searx.envs.net searx
|
||||||
|
192.168.1.12 cryptpad pad.envs.net pad cryptpad
|
||||||
|
192.168.1.13 drone.envs.net drone
|
||||||
|
192.168.1.14 matrix.envs.net matrix riot.envs.net riot dimension.envs.net dimension
|
||||||
|
|
||||||
|
192.168.1.15 envs.sh 0x0.envs.net null.envs.net 0x0 null
|
||||||
|
192.168.1.15 tb.envs.net tb termbin.envs.net termbin
|
||||||
|
192.168.1.16 rss.envs.net rss
|
||||||
|
192.168.1.17 pb.envs.net pb pastebin.envs.net pastbin
|
||||||
|
192.168.1.18 pleroma.envs.net pleroma social halcyon.envs.net halcyon
|
||||||
|
192.168.1.19 jitsi.envs.net jitsi
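Review bot: `core.envs.net` is listed twice in the new hosts file, once on the second `127.0.0.1` line and once on the `89.163.145.170` line, so the address a lookup returns depends on resolver ordering; keep it on one line only. The `192.168.1.12` entry repeats `cryptpad` as both the canonical name and the last alias, and the `192.168.1.17` alias `pastbin` looks like a typo for `pastebin`. The Makefile installs this file over `/etc/hosts`, and the new grafana and prometheus vhosts appear to rely on it to resolve their `proxy_pass` names to the containers, so a wrong or missing entry changes where the front proxy sends traffic.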
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
|
# DO NOT TOUCH IT HERE SEE GIT REPO 'envs/ops'
|
||||||
|
|
||||||
# /etc/inetd.conf: see inetd(8) for further informations.
|
# /etc/inetd.conf: see inetd(8) for further informations.
|
||||||
#
|
#
|
||||||
# Internet superserver configuration database
|
# Internet superserver configuration database
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
|
# DO NOT TOUCH IT HERE SEE GIT REPO 'envs/ops'
|
||||||
|
|
||||||
# /etc/inputrc - global inputrc for libreadline
|
# /etc/inputrc - global inputrc for libreadline
|
||||||
# See readline(3readline) and `info rluserman' for more information.
|
# See readline(3readline) and `info rluserman' for more information.
|
||||||
|
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
# DO NOT TOUCH IT HERE SEE GIT REPO 'envs/ops'
|
||||||
#
|
#
|
||||||
# This file MUST be edited with the 'visudo' command as root.
|
# This file MUST be edited with the 'visudo' command as root.
|
||||||
#
|
#
|
||||||
|
|
|
@ -197,6 +197,13 @@ if [ "$1" = "start" ]; then
|
||||||
$IPT -w -t nat -A POSTROUTING -d 192.168.1.3 -s 192.168.1.4 -j SNAT --to 5.199.136.29
|
$IPT -w -t nat -A POSTROUTING -d 192.168.1.3 -s 192.168.1.4 -j SNAT --to 5.199.136.29
|
||||||
$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.4 -j SNAT --to 5.199.136.29
|
$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.4 -j SNAT --to 5.199.136.29
|
||||||
|
|
||||||
|
# ldap
|
||||||
|
$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.5 -j SNAT --to 89.163.145.170
|
||||||
|
|
||||||
|
# monitor (prometheus and grafana)
|
||||||
|
# => apache2 proxy (http/https)
|
||||||
|
$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.6 -j SNAT --to 89.163.145.170
|
||||||
|
|
||||||
# gitea
|
# gitea
|
||||||
# => apache2 proxy (http/https)
|
# => apache2 proxy (http/https)
|
||||||
$IPT -w -t nat -A PREROUTING -d 5.199.130.141 -p tcp --dport 22 -j DNAT --to-destination 192.168.1.10:22
|
$IPT -w -t nat -A PREROUTING -d 5.199.130.141 -p tcp --dport 22 -j DNAT --to-destination 192.168.1.10:22
|
||||||
|
@ -224,7 +231,11 @@ if [ "$1" = "start" ]; then
|
||||||
#
|
#
|
||||||
$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p tcp --dport 8448 -j DNAT --to-destination 192.168.1.14:8448
|
$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p tcp --dport 8448 -j DNAT --to-destination 192.168.1.14:8448
|
||||||
$IPT -w -A FORWARD -p tcp -d 192.168.1.14 --dport 8448 -j ACCEPT
|
$IPT -w -A FORWARD -p tcp -d 192.168.1.14 --dport 8448 -j ACCEPT
|
||||||
#
|
# coturn
|
||||||
|
$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p udp --dport 3478 -j DNAT --to-destination 192.168.1.14:3478
|
||||||
|
$IPT -w -A FORWARD -p udp -d 192.168.1.14 --dport 3478 -j ACCEPT
|
||||||
|
$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p tcp --dport 3478 -j DNAT --to-destination 192.168.1.14:3478
|
||||||
|
$IPT -w -A FORWARD -p tcp -d 192.168.1.14 --dport 3478 -j ACCEPT
|
||||||
$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p udp --dport 5349 -j DNAT --to-destination 192.168.1.14:5349
|
$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p udp --dport 5349 -j DNAT --to-destination 192.168.1.14:5349
|
||||||
$IPT -w -A FORWARD -p udp -d 192.168.1.14 --dport 5349 -j ACCEPT
|
$IPT -w -A FORWARD -p udp -d 192.168.1.14 --dport 5349 -j ACCEPT
|
||||||
$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p tcp --dport 5349 -j DNAT --to-destination 192.168.1.14:5349
|
$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p tcp --dport 5349 -j DNAT --to-destination 192.168.1.14:5349
|
||||||
|
@ -346,6 +357,9 @@ if [ "$1" = "start" ]; then
|
||||||
$IPT -w -A INPUT -m state --state NEW -d 192.168.1.1 -p udp --dport 53 -j ACCEPT
|
$IPT -w -A INPUT -m state --state NEW -d 192.168.1.1 -p udp --dport 53 -j ACCEPT
|
||||||
$IPT -w -A INPUT -m state --state NEW -d 192.168.1.1 -p tcp --dport 53 -j ACCEPT
|
$IPT -w -A INPUT -m state --state NEW -d 192.168.1.1 -p tcp --dport 53 -j ACCEPT
|
||||||
|
|
||||||
|
# prometheus node
|
||||||
|
$IPT -w -A INPUT -m state --state NEW -d 192.168.1.1 -s 192.168.1.6 -p tcp --dport 9100 -j ACCEPT
|
||||||
|
|
||||||
# finger
|
# finger
|
||||||
$IPT -w -A INPUT -m state --state NEW -d 89.163.145.170 -p tcp --dport 79 -j ACCEPT
|
$IPT -w -A INPUT -m state --state NEW -d 89.163.145.170 -p tcp --dport 79 -j ACCEPT
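Review bot: The new coturn rules in the second hunk publish TURN on 3478/udp and 3478/tcp with a bare `FORWARD ... -j ACCEPT`, and nothing visible here stops the relay from being asked to connect to peers inside 192.168.1.0/24. An internet-reachable TURN server should refuse internal peer addresses in its own configuration (coturn's `denied-peer-ip` for the LXC range and loopback); that file is not part of this commit, so confirm it. A comment above the block such as `# coturn: relay must deny peers in 192.168.1.0/24 (see turnserver.conf)` would record the dependency. The prometheus node rule in the third hunk filters on `-s 192.168.1.6` only; adding the bridge interface match (`-i <lxc-bridge>`, placeholder) would tie it to the container network rather than to a source address alone. The enclosing `if [ "$1" = "start" ]` block starts and ends outside these hunks.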
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
# DO NOT TOUCH IT HERE SEE GIT REPO 'envs/ops'
|
||||||
|
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
|
@ -24,6 +25,9 @@ for domain in $RENEWED_DOMAINS; do
|
||||||
# pleroma
|
# pleroma
|
||||||
lxc-attach -n pleroma -- bash -c "systemctl reload nginx"
|
lxc-attach -n pleroma -- bash -c "systemctl reload nginx"
|
||||||
|
|
||||||
|
# monitor
|
||||||
|
lxc-attach -n moni -- bash -c "systemctl reload nginx"
|
||||||
|
|
||||||
# mail
|
# mail
|
||||||
# has a own letencrypt cert in container!
|
# has a own letencrypt cert in container!
|
||||||
##lxc-attach -n mail -- bash -c "systemctl reload nginx postfix dovecot"
|
##lxc-attach -n mail -- bash -c "systemctl reload nginx postfix dovecot"
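Review bot: With `set -e` at the top of the script, the added `lxc-attach -n moni -- bash -c "systemctl reload nginx"` aborts the whole renewal hook when the moni container is stopped or the reload fails, so any reloads after it are skipped. If that is not intended, report the failure without stopping, e.g. `lxc-attach -n moni -- systemctl reload nginx || echo "moni: nginx reload failed" >&2`. The `for domain in $RENEWED_DOMAINS` loop begins and ends outside the hunk, so whether this runs once per renewed domain cannot be seen here.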
|
||||||
|
|
|
@ -61,19 +61,19 @@ server {
|
||||||
|
|
||||||
# matrix
|
# matrix
|
||||||
location /.well-known/matrix/ {
|
location /.well-known/matrix/ {
|
||||||
add_header Access-Control-Allow-Origin *;
|
add_header Access-Control-Allow-Origin "*";
|
||||||
add_header Content-Type application/json;
|
add_header Content-Type application/json;
|
||||||
return 200 '{"m.server": "envs.net:8448", "m.homeserver": {"base_url": "https://matrix.envs.net"}}';
|
return 200 '{"m.server": "envs.net:8448", "m.homeserver": {"base_url": "https://matrix.envs.net"}}';
|
||||||
}
|
}
|
||||||
|
|
||||||
location /.well-known/matrix/support {
|
location /.well-known/matrix/support {
|
||||||
add_header Access-Control-Allow-Origin *;
|
add_header Access-Control-Allow-Origin "*";
|
||||||
add_header Content-Type application/json;
|
add_header Content-Type application/json;
|
||||||
return 200 '{"admins": [{"matrix_id": "@creme:envs.net", "email_address": "hostmaster@envs.net", "role": "admin"}]}';
|
return 200 '{"admins": [{"matrix_id": "@creme:envs.net", "email_address": "hostmaster@envs.net", "role": "admin"}]}';
|
||||||
}
|
}
|
||||||
|
|
||||||
location /.well-known/matrix/integrations {
|
location /.well-known/matrix/integrations {
|
||||||
add_header Access-Control-Allow-Origin *;
|
add_header Access-Control-Allow-Origin "*";
|
||||||
add_header Content-Type application/json;
|
add_header Content-Type application/json;
|
||||||
return 200 '{"m.integrations": {"managers": [{"api_url": "https://dimension.envs.net/api/v1/scalar", "ui_url": "https://dimension.envs.net/riot"}]}}';
|
return 200 '{"m.integrations": {"managers": [{"api_url": "https://dimension.envs.net/api/v1/scalar", "ui_url": "https://dimension.envs.net/riot"}]}}';
|
||||||
}
|
}
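Review bot: `add_header Content-Type application/json;` in all three `/.well-known/matrix/` locations appends a header instead of setting the response type, so with `return 200 '...'` the reply can carry two `Content-Type` headers (the `default_type` one plus this one). Replacing it with `default_type application/json;` gives a single, unambiguous type; the quoting change to `"*"` does not affect this. The enclosing `server` block starts outside the hunk.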
|
||||||
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
### GRAFANA.ENVS.NET - lxc ###
|
||||||
|
server {
|
||||||
|
include snippets/listen.conf;
|
||||||
|
# include snippets/ddos_mid.conf;
|
||||||
|
server_name grafana.envs.net;
|
||||||
|
|
||||||
|
return 307 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
# SSL
|
||||||
|
server {
|
||||||
|
include snippets/listen_ssl.conf;
|
||||||
|
# include snippets/ddos_mid.conf;
|
||||||
|
server_name grafana.envs.net;
|
||||||
|
|
||||||
|
include snippets/ssl.conf;
|
||||||
|
include ssl/envs_net_wild.conf;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/grafana.envs.net-error.log crit;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
include proxy_params;
|
||||||
|
proxy_ssl_name $http_host;
|
||||||
|
proxy_ssl_server_name on;
|
||||||
|
proxy_pass https://grafana.envs.net;
|
||||||
|
}
|
||||||
|
}
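Review bot: `proxy_ssl_name $http_host;` takes the upstream SNI name from the client's raw Host header, and no `proxy_ssl_verify` is set, so the TLS hop to the container is neither pinned to a fixed name nor certificate-checked. Since `server_name` is a single host, use the literal `proxy_ssl_name grafana.envs.net;`, and consider `proxy_ssl_verify on;` with `proxy_ssl_trusted_certificate <ca-bundle-path>;` (placeholder path). `proxy_pass https://grafana.envs.net;` names the vhost's own public hostname, so it presumably depends on the `/etc/hosts` entry added in this commit; if that entry is absent the proxy would target itself. The same applies to the new prometheus.envs.net vhost, and the rate-limit include `snippets/ddos_mid.conf` is commented out in both.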
|
|
@ -18,6 +18,8 @@ server {
|
||||||
|
|
||||||
error_log /var/log/nginx/matrix.envs.net-error.log crit;
|
error_log /var/log/nginx/matrix.envs.net-error.log crit;
|
||||||
|
|
||||||
|
client_max_body_size 100M;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
include proxy_params;
|
include proxy_params;
|
||||||
proxy_ssl_name $http_host;
|
proxy_ssl_name $http_host;
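Review bot: `client_max_body_size 100M;` is set at server level, so every path proxied by this vhost accepts 100 MB request bodies, not only the upload endpoints. The front proxy buffers request bodies by default before passing them on, so the larger limit is a disk and bandwidth cost on the host that any client can trigger. Scoping the directive to the upload location (for Matrix, the `/_matrix/media/` prefix) keeps the default limit elsewhere; the same server-wide setting is added to the pad.envs.net (100M) and pleroma.envs.net (64M) vhosts. The `server` block starts and ends outside the hunk.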
|
||||||
|
|
|
@ -18,6 +18,8 @@ server {
|
||||||
|
|
||||||
error_log /var/log/nginx/pad.envs.net-error.log crit;
|
error_log /var/log/nginx/pad.envs.net-error.log crit;
|
||||||
|
|
||||||
|
client_max_body_size 100M;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
include proxy_params;
|
include proxy_params;
|
||||||
proxy_ssl_name $http_host;
|
proxy_ssl_name $http_host;
|
||||||
|
@ -52,4 +54,4 @@ server {
|
||||||
location / {
|
location / {
|
||||||
return 301 https://pad.envs.net/;
|
return 301 https://pad.envs.net/;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -18,6 +18,8 @@ server {
|
||||||
|
|
||||||
error_log /var/log/nginx/pleroma.envs.net-error.log crit;
|
error_log /var/log/nginx/pleroma.envs.net-error.log crit;
|
||||||
|
|
||||||
|
client_max_body_size 64M;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
include proxy_params;
|
include proxy_params;
|
||||||
proxy_ssl_name $http_host;
|
proxy_ssl_name $http_host;
|
||||||
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
### PROMETHEUS.ENVS.NET - lxc ###
|
||||||
|
server {
|
||||||
|
include snippets/listen.conf;
|
||||||
|
# include snippets/ddos_mid.conf;
|
||||||
|
server_name prometheus.envs.net;
|
||||||
|
|
||||||
|
return 307 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
# SSL
|
||||||
|
server {
|
||||||
|
include snippets/listen_ssl.conf;
|
||||||
|
# include snippets/ddos_mid.conf;
|
||||||
|
server_name prometheus.envs.net;
|
||||||
|
|
||||||
|
include snippets/ssl.conf;
|
||||||
|
include ssl/envs_net_wild.conf;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/prometheus.envs.net-error.log crit;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
include proxy_params;
|
||||||
|
proxy_ssl_name $http_host;
|
||||||
|
proxy_ssl_server_name on;
|
||||||
|
proxy_pass https://prometheus.envs.net;
|
||||||
|
}
|
||||||
|
}
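Review bot: Nothing in this server block restricts who can reach Prometheus: there is no `auth_basic`, `allow`/`deny` or client-certificate check before `proxy_pass https://prometheus.envs.net;`. Prometheus serves its query API and target list without authentication unless configured otherwise, so unless the container's own nginx or one of the included snippets enforces access control (not visible here), the metrics of every scraped host become public. A minimal guard in `location /` would be `auth_basic "prometheus";` with `auth_basic_user_file <htpasswd-path>;` (placeholder path), or `allow`/`deny` for the admin networks.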
|
|
@ -0,0 +1 @@
|
||||||
|
/etc/nginx/sites-available/grafana.envs.net.conf
|
|
@ -0,0 +1 @@
|
||||||
|
/etc/nginx/sites-available/prometheus.envs.net.conf
|
|
@ -1 +1 @@
|
||||||
Subproject commit fa5613116baba05beead0186ea045287b8b01b1e
|
Subproject commit 6997cdf8606bfc7a608a025eb883adef4dcefab5
|